- CyberCrime Center
March 10, 2014
More than 125 million tax returns were filed online last year, almost double the year before. How would you guess 93 percent of the fraudulent returns were filed? Online. And yes, that was a rhetorical question.
“The technology surrounding tax returns has advanced to provide a quicker and easier filing process for taxpayers, but such technology can offer additional opportunities for cybercriminals to steal identities,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “However, the risks associated with tax e-filing can be mitigated through comprehensive cybersecurity strategies. Specifically, businesses and government agencies must implement anonymized sharing of trusted identity intelligence without compromising personal identities and privacy.”
Cybercriminals have come up with any number of strategies for ripping off the taxpayer and the tax system including:
• Filing Fraudulent Returns – Cybercriminals file fraudulent tax returns for children, adults who don’t earn enough to require returns and even dead people. A 2013 report by the Treasury Inspector General found the Internal Revenue Service (IRS) gave away nearly $4 billion in fraudulent tax refunds the previous year. Many consumers filing tax returns find out that someone else illegally filed a return in their name. Cybercriminals often get returns on pre-paid cards which are then turned into cash. Legitimate taxpayers are left holding the bag. They’re the ones who are forced to deal with IRS, re-file correct returns and make sure their data and identity are being used for other frauds.
• Stealing Identities – After legitimate users file their returns online, cybercriminals can sometimes hack the system and steal the personal information found in a return including names, bank accounts and social security numbers. In the first half of 2013 alone, 1.6 million taxpayers were affected by identity theft.
• Using Social Networks to Steal Personal Information – Now cybercriminals are turning to social networks to identify potential targets and collect the type of information they need to complete returns. What they look for includes the user’s number of children, marital status and employer. That way the crooks can claim the correct number of dependents and estimate a believable annual salary.
The launch of a new IRS mobile app this year poses additional risks for tax return fraud. The app provides information on a user’s refund status and tax records, as well as a portal that allows taxpayers to download their returns since 2009. Despite the convenience factor for consumers, these tools make it easier for cybercriminals to illegally obtain more personally identifiable information than was previously available.
“It’s essential for consumers to use caution when filing returns online and avoid publicly sharing personally identifiable information, but it’s up to governmental agencies and private industries to collaborate on sharing data that can be used to prevent cybercrime,” said Faulkner. “Private industries have begun to adopt more sophisticated screening procedures, and government agencies such as the IRS need to follow suit with a layered approach including advanced fraud prevention and context-based security to effectively prevent cybercrime associated with online tax returns.”
In February 2013, President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity, which mandated an update of the current cybersecurity framework. In February 2014, the National Institute of Standards and Technology updated the framework with voluntary guidelines for the government and private sector to address and manage cybersecurity risks, such as the increased risks of tax e-filing. A key takeaway is the need for a collective and orchestrated response to threats facing the nation’s infrastructure and mission-critical applications.
To make electronic filing safer, ThreatMetrix urges the government and private industry share relevant anonymized intelligence in real time via a shared network — without compromising taxpayer privacy. This combined intelligence effort can dramatically reduce the amount of tax revenue lost to fraud and identity theft this tax season.
For more information and an infographic about the above information, visit http://www.threatmetrix.com/resource-center/infographics/tax-season-leads-to-a-4-billion-payday-for-cybercriminals/
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Botnets, Building Trust on the Internet, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Data Breach, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Executive Order on Improving Critical Infrastructure Cybersecurity, Filing Fraudulent Returns, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, MitB, Mobile fraud, Online Fraud, Phishing, Phishing Detection, PII, Tax E-Filing Fraud, Tax Fraud, ThreatMetrix, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, TrustDefender Cybercrime Protection Platform, Web Fraud